569 matches found

OSV
added 2024/03/06 11:8 a.m. | 18 views

BIT-SYMFONY-2020-5255

In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the...

4.3 CVSS | 4.7 AI score | 0.01297 EPSS
Exploits: 0 | References: 4
OSV
added 2024/03/06 11:3 a.m. | 15 views

BIT-RESOURCESPACE-2021-41950

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

9.1 CVSS | 9.4 AI score | 0.74857 EPSS
Exploits: 1 | References: 2
Prion
added 2024/02/16 7:15 p.m. | 21 views

Privilege escalation

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...

5.1 CVSS | 7.2 AI score | 0.0099 EPSS
Exploits: 0 | References: 1
NVD
added 2024/02/13 3:15 a.m. | 18 views

CVE-2024-22131

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

9.1 CVSS | 9.1 AI score | 0.01079 EPSS
Exploits: 0 | References: 2
Prion
added 2024/02/13 3:15 a.m. | 25 views

Authorization

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

5.8 CVSS | 7 AI score | 0.01079 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/02/13 2:30 a.m. | 20 views

CVE-2024-22131 Code Injection vulnerability in SAP ABA (Application Basis)

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

9.1 CVSS | 9.2 AI score | 0.01079 EPSS
Exploits: 0 | References: 2
Cvelist
added 2023/12/13 12:0 a.m. | 18 views

CVE-2023-47320

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects...

8.3 AI score | 0.00739 EPSS
Exploits: 1 | References: 2
Prion
added 2023/11/30 5:15 p.m. | 20 views

Design/Logic Flaw

An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more...

4 CVSS | 6.9 AI score | 0.00664 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2023/11/08 9:37 p.m. | 60 views

CVE-2023-47109

CVE-2023-47109 concerns PrestaShop blockreassurance. The vulnerability allows a business-operator (BO) user to modify the HTTP request during block creation and supply a file path in the project instead of an image. When the block is deleted, the referenced file is removed, and the attack may ena...

8.1 CVSS | 6.5 AI score | 0.00771 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/11/08 5:53 p.m. | 29 views

GHSA-83J2-QHX2-P7JC PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block

Impact: When adding a block in blockreassurance module, a BO user can modify the HTTP request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...

5.5 CVSS | 6.4 AI score | 0.00771 EPSS
Exploits: 0 | References: 6
NVD
added 2023/10/11 12:15 p.m. | 23 views

CVE-2023-44102

Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable...

5.3 CVSS | 5.2 AI score | 0.0035 EPSS
Exploits: 0 | References: 2
Cvelist
added 2023/10/11 11:50 a.m. | 17 views

CVE-2023-44102

Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable...

5.5 AI score | 0.0035 EPSS
Exploits: 0 | References: 2
Prion
added 2023/10/09 11:15 a.m. | 19 views

Design/Logic Flaw

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable...

5 CVSS | 7.5 AI score | 0.00498 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/09/29 12:30 p.m. | 14 views

GHSA-33R7-WJFC-7W98 Mattermost Uncontrolled Resource Consumption vulnerability

Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notificationprop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users...

6.5 CVSS | 6.4 AI score | 0.00562 EPSS
Exploits: 0 | References: 3
Prion
added 2023/09/27 3:19 p.m. | 19 views

Design/Logic Flaw

Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable...

2.6 CVSS | 4.3 AI score | 0.00359 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2023/09/27 3:19 p.m. | 19 views

Design/Logic Flaw

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable...

5 CVSS | 5.2 AI score | 0.00482 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2023/09/26 1:14 a.m. | 49 views

CVE-2023-41306

CVE-2023-41306 affects the mutex management in the Bone Voice ID trusted application (TA) module. The vulnerability can cause the Bone Voice ID feature to be unavailable if exploited. Public references (NVD, Red Hat, CNNVD, and related feeds) describe the issue at a high level but do not provide ...

3.7 CVSS | 4.3 AI score | 0.00359 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Atlassian
added 2023/09/07 7:28 a.m. | 105 views

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

7.6 AI score
Exploits: 0
OSV
added 2023/08/25 7:49 p.m. | 36 views

CVE-2023-40031 Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in Utf8_16_Read::convert. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++...

7.8 CVSS | 8.1 AI score | 0.00494 EPSS
Exploits: 1 | References: 3
Snyk
added 2023/08/22 6:44 p.m. | 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when the PDFDoc::replacePageDict function processes data missing a necessary stream check while saving an embedded file. The attacker can cause an assertion failure in Object.h, rendering the service unavailable...

7.5 CVSS | 6.9 AI score | 0.00902 EPSS
Exploits: 1 | References: 2